<?php
/***********************************************************************

  Copyright (C) 2002-2008  PunBB

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/


// Tell header.php to use the admin template
define('PUN_ADMIN_CONSOLE', 1);

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'include/common_admin.php';


if ($pun_user['g_id'] > PUN_MOD)
	message($lang_common['No permission']);

$mode = 'add';
if (isset($_GET['edit_medal']))
{
	$medal_id = intval($_GET['edit_medal']);
	if ($medal_id < 1)
		message($lang_common['Bad request']);

	$result = $db->query('SELECT name, description, image FROM '.$db->prefix.'medal WHERE id='.$medal_id) or error('Unable to fetch medal info', __FILE__, __LINE__, $db->error());
	if ($db->num_rows($result))
		list($medal_name, $medal_description, $medal_image) = $db->fetch_row($result);
	else
		message($lang_common['Bad request']);


	$mode = 'edit';
}

// Add/edit a medal (stage 2)
else if (isset($_POST['add_edit_medal']))
{
	$medal_name = trim($_POST['medal_name']);
	$medal_description = trim($_POST['medal_description']);
	$medal_image = trim($_POST['medal_image']);

	if ($medal_name != '' && $medal_description != '' && $medal_image != '')
	{
		$medal_name = '\''.$db->escape($medal_name).'\'';
		$medal_description = '\''.$db->escape($medal_description).'\'';
		$medal_image = '\''.$db->escape($medal_image).'\'';

		if ($_POST['mode'] == 'add')
			$db->query('INSERT INTO '.$db->prefix.'medal (name, description, image) VALUES('.$medal_name.', '.$medal_description.', '.$medal_image.')') or error('Unable to add medal', __FILE__, __LINE__, $db->error());
		else
			$db->query('UPDATE '.$db->prefix.'medal SET name='.$medal_name.', description='.$medal_description.', image='.$medal_image.' WHERE id='.intval($_POST['medal_id'])) or error('Unable to update medal', __FILE__, __LINE__, $db->error());
	}
	else
		message('You must enter name, description, and image.');

	redirect('admin_medal.php', 'Medal'.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting &hellip;');
}

// Remove a medal
else if (isset($_GET['del_medal']))
{
	confirm_referrer('admin_medal.php');

	$medal_id = intval($_GET['del_medal']);
	if ($medal_id < 1)
		message($lang_common['Bad request']);

	$db->query('DELETE FROM '.$db->prefix.'medal_award WHERE medal_id='.$medal_id) or error('Unable to delete medal_award', __FILE__, __LINE__, $db->error());
	$db->query('DELETE FROM '.$db->prefix.'medal WHERE id='.$medal_id) or error('Unable to delete medal', __FILE__, __LINE__, $db->error());

	redirect('admin_medal.php', 'Medal removed. Redirecting &hellip;');
}

// Award a medal on a user (stage 1)
else if (isset($_GET['award_medal']))
{
	confirm_referrer('admin_medal.php');

	$medal_id = intval($_GET['award_medal']);
	if ($medal_id < 1)
		message($lang_common['Bad request']);

	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Award medal';
	$focus_element = array('new_award', 'new_award_user');
	require PUN_ROOT.'header.php';

	generate_admin_menu('medal');
?>
	<div class="blockform">
		<h2><span>Award one specific user with this medal</span></h2>
		<div class="box">
			<form id="new_award" method="post" action="admin_medal.php">
				<div class="inform">
					<input type="hidden" name="medal_id" value="<?php echo $medal_id ?>" />
					<fieldset>
						<legend>New award</legend>
						<div class="infldset">
							<table class="aligntop" cellspacing="0">
								<tr>
									<th scope="row">Username</th>
									<td>
										<input type="text" name="new_award_user" size="25" maxlength="25" tabindex="1" />
										<span>The username to award (case insensitive).</span>
									</td>
								</tr>
								<tr>
									<th scope="row">Reason</th>
									<td>
										<input type="text" name="new_award_reason" size="50" maxlength="50" tabindex="2" />
										<span>The Reason</span>
									</td>
								</tr>
							</table>
						</div>
					</fieldset>
				</div>
				<p class="submitend"><input type="submit" name="add_award" value=" Award " tabindex="3" /></p>
			</form>
		</div>
	</div>
	<div class="clearer"></div>
</div>

<?php
	require PUN_ROOT.'footer.php';
}

// Award a medal on a user (stage 2)
else if (isset($_POST['add_award']))
{
	$medal_id = intval($_POST['medal_id']);
	$username = trim($_POST['new_award_user']);
	$reason = trim($_POST['new_award_reason']);
	$now = time();

	if ($medal_id < 1)
		message($lang_common['Bad request']);
	if ($username != '')
	{
		$result = $db->query('SELECT id, group_id FROM '.$db->prefix.'users WHERE username=\''.$db->escape($username).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
		if ($db->num_rows($result))
			list($user_id, $group_id) = $db->fetch_row($result);
		else
			message('No user by that username registered.');

		$reason = '\''.$db->escape($reason).'\'';
		$db->query('INSERT INTO '.$db->prefix.'medal_award (medal_id, user_id, reason, time) VALUES('.$medal_id.', '.$user_id.', '.$reason.', '.$now.')') or error('Unable to award medal to specific user', __FILE__, __LINE__, $db->error());
	}
	else
		message($lang_common['Bad request']);

	redirect('admin_medal.php', 'Medal awarded. Redirecting &hellip;');
}

// Remove a medal from a user (Remove an award)
else if (isset($_GET['remove_award']))
{
	$award_id = intval($_GET['award_id']);
	$user_id = intval($_GET['user_id']);

	if ($award_id < 1)
		message($lang_common['Bad request']);
	if ($user_id < 1)
		message($lang_common['Bad request']);
	$db->query('DELETE FROM '.$db->prefix.'medal_award WHERE id='.$award_id) or error('Unable to delete medal_award', __FILE__, __LINE__, $db->error());

	redirect('profile.php?section=medal&id='.$user_id, 'Medal removed. Redirecting &hellip;');
}


$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Medals';
require PUN_ROOT.'header.php';

generate_admin_menu('medal');

?>
	<div class="blockform">
		<h2><span><?php if ($mode == 'edit') echo 'Edit medal'; else echo 'New medal'; ?></span></h2>
		<div class="box">
			<form id="medal" method="post" action="admin_medal.php">
				<div class="inform">
				<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<?php if ($mode == 'edit'): ?>				<input type="hidden" name="medal_id" value="<?php echo $medal_id ?>" />
<?php endif; ?>				<fieldset>
						<legend>Details</legend>
						<div class="infldset">
							<table class="aligntop" cellspacing="0">
								<tr>
									<th scope="row">Medal name</th>
									<td>
										<input type="text" name="medal_name" size="25" maxlength="25" value="<?php if (isset($medal_name)) echo pun_htmlspecialchars($medal_name); ?>" tabindex="1" />
										<span>The medal's name.</span>
									</td>
								</tr>
								<tr>
									<th scope="row">Medal description</th>
									<td>
										<input type="text" name="medal_description" size="45" maxlength="255" value="<?php if (isset($medal_description)) echo $medal_description; ?>" tabindex="2" />
										<span>Describe this medal.</span>
									</td>
								</tr>
								<tr>
									<th scope="row">Medal image</th>
									<td>
										<input type="text" name="medal_image" size="40" maxlength="50" value="<?php if (isset($medal_image)) echo strtolower($medal_image); ?>" tabindex="3" />
										<span>Modal image filename. (Only input filename, do not include path.)</span>
									</td>
								</tr>
							</table>
						</div>
					</fieldset>
				</div>
				<p class="submitend"><input type="submit" name="add_edit_medal" value=" <?php if ($mode == 'edit') echo 'Save'; else echo 'Add'; ?> " tabindex="6" /></p>
			</form>
		</div>

<?php if ($mode != 'edit'): ?>
		<h2 class="block2"><span>Existing medals</span></h2>
		<div class="box">
			<div class="fakeform">
<?php

$result = $db->query('SELECT id, name, description, image FROM '.$db->prefix.'medal ORDER BY id') or error('Unable to fetch medal list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
	while ($cur_medal = $db->fetch_assoc($result))
	{

?>
				<div class="inform">
					<fieldset>
						<legend>Medal name: <?php echo $cur_medal['name'] ?></legend>
						<div class="infldset">
							<table cellspacing="0">
								<tr>
									<th>Description:</th>
									<td><?php echo pun_htmlspecialchars($cur_medal['description']) ?></td>
								</tr>
								<tr>
									<th>Image</th>
									<td><?php echo pun_htmlspecialchars($cur_medal['image']).'&nbsp;&nbsp;<img src="'.PUN_ROOT.'img/medals/'.$cur_medal['image'].'" />' ?></td>
								</tr>
							</table>
							<p class="linkactions"><a href="admin_medal.php?award_medal=<?php echo $cur_medal['id'] ?>">Award</a> - <a href="admin_medal.php?edit_medal=<?php echo $cur_medal['id'] ?>">Edit</a> - <a href="admin_medal.php?del_medal=<?php echo $cur_medal['id'] ?>">Remove</a></p>
						</div>
					</fieldset>
				</div>
<?php


	}
}
else
	echo "\t\t\t\t".'<p>No medal in list.</p>'."\n";
?>
		</div>
<?php endif; ?>
	</div>
	<div class="clearer"></div>
</div>
<?php

require PUN_ROOT.'footer.php';
